draft-ietf-bfd-unaffiliated-echo-01.txt   draft-ietf-bfd-unaffiliated-echo-02.txt 
BFD Working Group W. Cheng BFD Working Group W. Cheng
Internet-Draft R. Wang Internet-Draft R. Wang
Updates: 5880 (if approved) China Mobile Updates: 5880 (if approved) China Mobile
Intended status: Standards Track X. Min Intended status: Standards Track X. Min
Expires: May 6, 2021 ZTE Corp. Expires: December 24, 2021 ZTE Corp.
R. Rahman R. Rahman
Cisco Systems Individual
R. Boddireddy R. Boddireddy
Juniper Networks Juniper Networks
November 2, 2020 June 22, 2021
Unaffiliated BFD Echo Function Unaffiliated BFD Echo Function
draft-ietf-bfd-unaffiliated-echo-01 draft-ietf-bfd-unaffiliated-echo-02
Abstract Abstract
Bidirectional Forwarding Detection (BFD) is a fault detection Bidirectional Forwarding Detection (BFD) is a fault detection
protocol that can quickly determine a communication failure between protocol that can quickly determine a communication failure between
two forwarding engines. This document proposes a use of the BFD Echo two forwarding engines. This document proposes a use of the BFD Echo
function where the local system supports BFD but the neighboring function where the local system supports BFD but the neighboring
system does not support BFD. system does not support BFD.
Status of This Memo Status of This Memo
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 6, 2021. This Internet-Draft will expire on December 24, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions Used in This Document . . . . . . . . . . . . 3
2. Updates to RFC 5880 . . . . . . . . . . . . . . . . . . . . . 3 2. Updates to RFC 5880 . . . . . . . . . . . . . . . . . . . . . 3
3. Unaffiliated BFD Echo Procedures . . . . . . . . . . . . . . 6 3. Unaffiliated BFD Echo Procedures . . . . . . . . . . . . . . 6
4. Unaffilicated BFD Echo Applicability . . . . . . . . . . . . 7 4. Unaffiliated BFD Echo Applicability . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
To minimize the impact of device/link faults on services and improve To minimize the impact of device/link faults on services and improve
network availability, a network device must be able to quickly detect network availability, a network device must be able to quickly detect
faults in communication with adjacent devices. Measures can then be faults in communication with adjacent devices. Measures can then be
taken to promptly rectify the faults to ensure service continuity. taken to promptly rectify the faults to ensure service continuity.
BFD [RFC5880] is a low-overhead, short-duration method to detect BFD [RFC5880] is a low-overhead, short-duration method to detect
faults on the communication path between adjacent forwarding engines. faults on the communication path between adjacent forwarding engines.
The faults can be on interface, data link, and even forwarding The faults can be on interfaces, data link(s), and even the
engine. It is a single, unified mechanism to monitor any media and forwarding engines. It is a single, unified mechanism to monitor any
protocol layers in real time. media and protocol layers in real time.
BFD defines Asynchronous mode to satisfy various deployment BFD defines an Asynchronous mode to satisfy various deployment
scenarios, and also supports Echo function to reduce the device scenarios. It also supports an Echo function to reduce the device
requirement for BFD. When the Echo function is activated, the local requirement for BFD. When the Echo function is activated, the local
system sends BFD Echo packets and the remote system loops back the system sends BFD Echo packets and the remote system loops back the
received Echo packets through the forwarding path. If several received Echo packets through the forwarding path. If several
consecutive BFD Echo packets are not received by the local system, consecutive BFD Echo packets are not received by the local system,
then the BFD session is declared to be Down. then the BFD session is declared to be Down.
When using BFD Echo function, there are two typical scenarios as When using BFD Echo function, there are two typical scenarios as
below: below:
o Full BFD protocol capability with affiliated Echo function: this o Full BFD protocol capability with affiliated Echo function: This
scenario requires both the local device and the neighboring device scenario requires both the local device and the neighboring device
to support full BFD protocol. to support the full BFD protocol.
o Only BFD Echo function without full BFD protocol capability: o BFD Echo-Only function without full BFD protocol capability: This
this scenario requires only the local device to support sending scenario requires only the local device to support sending and
and demultiplexing BFD Control packets. demultiplexing BFD Control packets.
The two typical scenarios are both reasonable and useful, and the The latter scenario is referred to as Unaffiliated BFD Echo function
latter is referred to as Unaffiliated BFD Echo function in this in this document.
document.
Section 6.2.2 of [BBF-TR-146] describes one use case of the Section 6.2.2 of [BBF-TR-146] describes one use case of the
Unaffiliated BFD Echo function, and at least one more use case is Unaffiliated BFD Echo function, and at least one more use case is
known in the field BFD deployment. known to be deployed.
This document describes the use of the Unaffiliated BFD Echo function This document describes the use of the Unaffiliated BFD Echo function
over IPv4 and IPv6 for single IP hop. over IPv4 and IPv6 for single IP hop.
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Updates to RFC 5880 2. Updates to RFC 5880
The Unaffiliated BFD Echo function described in this document reuses The Unaffiliated BFD Echo function described in this document reuses
the BFD Echo function as described in [RFC5880] and [RFC5881], but the BFD Echo function as described in [RFC5880] and [RFC5881], but
does not require BFD asynchronous mode. When using the Unaffiliated does not require BFD Asynchronous mode. When using the Unaffiliated
BFD Echo function, only the local system has the BFD protocol BFD Echo function, only the local system has the BFD protocol
enabled, the remote system just loops back the received BFD Echo enabled; the remote system just loops back the received BFD Echo
packets as regular data packets. packets as regular data packets.
With that said, this document updates [RFC5880] with respect to its This document updates [RFC5880] with respect to its descriptions on
descriptions on the BFD Echo function as follows. the BFD Echo function as follows.
o [RFC5880] states in the 4th paragraph of Section 3.2: o The 4th paragraph of Section 3.2 of [RFC5880] is updated as below:
OLD TEXT
An adjunct to both modes is the Echo function.
NEW TEXT
An adjunct or complement to both modes is the Echo function.
OLD TEXT
An adjunct to both modes is the Echo function. When the Echo
function is active, a stream of BFD Echo packets is transmitted in
such a way as to have the other system loop them back through its
forwarding path. If a number of packets of the echoed data stream
are not received, the session is declared to be down. The Echo
function may be used with either Asynchronous or Demand mode.
Since the Echo function is handling the task of detection, the Since the Echo function is handling the task of detection, the
rate of periodic transmission of Control packets may be reduced rate of periodic transmission of Control packets may be reduced
(in the case of Asynchronous mode) or eliminated completely (in (in the case of Asynchronous mode) or eliminated completely (in
the case of Demand mode). the case of Demand mode).
* This paragraph is now updated to: NEW TEXT
An adjunct or complement to both modes is the Echo function. When Since the Echo function is handling the task of detection, the
the Echo function is active, a stream of BFD Echo packets is rate of periodic transmission of Control packets may be reduced
transmitted in such a way as to have the other system loop them (in the case of Asynchronous mode) or eliminated completely (in
back through its forwarding path. If a number of packets of the the case of Demand mode). The Echo function may also be used
echoed data stream are not received, the session is declared to be independently, with neither Asynchronous nor Demand mode.
down. The Echo function may be used with either Asynchronous or
Demand mode. Since the Echo function is handling the task of
detection, the rate of periodic transmission of Control packets
may be reduced (in the case of Asynchronous mode) or eliminated
completely (in the case of Demand mode). The Echo function may
also be used independently, with neither Asynchronous nor Demand
mode.
o [RFC5880] states in the 3rd and 9th paragraphs of Section 6.1: o The 3rd and 9th paragraphs of Section 6.1 of [RFC5880] are updated
as below:
OLD TEXT
Once the BFD session is Up, a system can choose to start the Echo Once the BFD session is Up, a system can choose to start the Echo
function if it desires and the other system signals that it will function if it desires and the other system signals that it will
allow it. The rate of transmission of Control packets is allow it.
typically kept low when the Echo function is active.
NEW TEXT
When a system is running with Asynchronous mode, once the BFD
session is Up, it can choose to start the Echo function if it
desires and the other system signals that it will allow it.
OLD TEXT
If the session goes Down, the transmission of Echo packets (if If the session goes Down, the transmission of Echo packets (if
any) ceases, and the transmission of Control packets goes back to any) ceases, and the transmission of Control packets goes back to
the slow rate. the slow rate.
* The two paragraphs are now updated to: NEW TEXT
When a system is running with Asynchronous mode, once the BFD
session is Up, it can choose to start the Echo function if it
desires and the other system signals that it will allow it. The
rate of transmission of Control packets is typically kept low when
the Echo function is active.
In Asynchronous mode, if the session goes Down, the transmission In Asynchronous mode, if the session goes Down, the transmission
of Echo packets (if any) ceases, and the transmission of Control of Echo packets (if any) ceases, and the transmission of Control
packets goes back to the slow rate. packets goes back to the slow rate.
o [RFC5880] states in the 2nd paragraph of Section 6.4: o The 2nd paragraph of Section 6.4 of [RFC5880] is updated as below:
OLD TEXT
When a system is using the Echo function, it is advantageous to When a system is using the Echo function, it is advantageous to
choose a sedate reception rate for Control packets, since liveness choose a sedate reception rate for Control packets, since liveness
detection is being handled by the Echo packets. This can be detection is being handled by the Echo packets.
controlled by manipulating the Required Min RX Interval field (see
section 6.8.3).
* This paragraph is now updated to: NEW TEXT
When a system is using the Echo function with Asynchronous mode, When a system is using the Echo function with Asynchronous mode,
it is advantageous to choose a sedate reception rate for Control it is advantageous to choose a sedate reception rate for Control
packets, since liveness detection is being handled by the Echo packets, since liveness detection is being handled by the Echo
packets. This can be controlled by manipulating the Required Min packets.
RX Interval field (see section 6.8.3).
o [RFC5880] states in the 2nd paragraph of Section 6.8: o The 2nd paragraph of Section 6.8 of [RFC5880] is updated as below:
OLD TEXT
When a system is said to have "the Echo function active" it means When a system is said to have "the Echo function active" it means
that the system is sending BFD Echo packets, implying that the that the system is sending BFD Echo packets, implying that the
session is Up and the other system has signaled its willingness to session is Up and the other system has signaled its willingness to
loop back Echo packets. loop back Echo packets.
* This paragraph is now updated to: NEW TEXT
When a system in Asynchronous or Demand mode is said to have "the When a system in Asynchronous or Demand mode is said to have "the
Echo function active" it means that the system is sending BFD Echo Echo function active" it means that the system is sending BFD Echo
packets, implying that the session is Up and the other system has packets, implying that the session is Up and the other system has
signaled its willingness to loop back Echo packets. signaled its willingness to loop back Echo packets.
o [RFC5880] states in the 7th paragraph of Section 6.8.3: o The 7th paragraph of Section 6.8.3 of [RFC5880] is updated as
below:
OLD TEXT
When the Echo function is active, a system SHOULD set When the Echo function is active, a system SHOULD set
bfd.RequiredMinRxInterval to a value of not less than one second bfd.RequiredMinRxInterval to a value of not less than one second
(1,000,000 microseconds). This is intended to keep received BFD (1,000,000 microseconds).
Control traffic at a negligible level, since the actual detection
function is being performed using BFD Echo packets.
* This paragraph is now updated to: NEW TEXT
When the Echo function is active with Asynchronous mode, a system When the Echo function is active with Asynchronous mode, a system
SHOULD set bfd.RequiredMinRxInterval to a value of not less than SHOULD set bfd.RequiredMinRxInterval to a value of not less than
one second (1,000,000 microseconds). This is intended to keep one second (1,000,000 microseconds).
received BFD Control traffic at a negligible level, since the
actual detection function is being performed using BFD Echo
packets.
o [RFC5880] states in the 1st and 2nd paragraphs of Section 6.8.9: o The 1st and 2nd paragraphs of Section 6.8.9 of [RFC5880] are
updated as below:
OLD TEXT
BFD Echo packets MUST NOT be transmitted when bfd.SessionState is BFD Echo packets MUST NOT be transmitted when bfd.SessionState is
not Up. BFD Echo packets MUST NOT be transmitted unless the last not Up. BFD Echo packets MUST NOT be transmitted unless the last
BFD Control packet received from the remote system contains a BFD Control packet received from the remote system contains a
nonzero value in Required Min Echo RX Interval. nonzero value in Required Min Echo RX Interval.
BFD Echo packets MAY be transmitted when bfd.SessionState is Up. NEW TEXT
The interval between transmitted BFD Echo packets MUST NOT be less
than the value advertised by the remote system in Required Min
Echo RX Interval, except as follows:
A 25% jitter MAY be applied to the rate of transmission, such
that the actual interval MAY be between 75% and 100% of the
advertised value. A single BFD Echo packet MAY be transmitted
between normally scheduled Echo transmission intervals.
* The two paragraphs are now updated to:
When a system is using the Echo function with either Asynchronous When a system is using the Echo function with either Asynchronous
or Demand mode, BFD Echo packets MUST NOT be transmitted when or Demand mode, BFD Echo packets MUST NOT be transmitted when
bfd.SessionState is not Up, and BFD Echo packets MUST NOT be bfd.SessionState is not Up, and BFD Echo packets MUST NOT be
transmitted unless the last BFD Control packet received from the transmitted unless the last BFD Control packet received from the
remote system contains a nonzero value in Required Min Echo RX remote system contains a nonzero value in Required Min Echo RX
Interval. Interval.
OLD TEXT
BFD Echo packets MAY be transmitted when bfd.SessionState is Up.
The interval between transmitted BFD Echo packets MUST NOT be less
than the value advertised by the remote system in Required Min
Echo RX Interval...
NEW TEXT
When a system is using the Echo function with either Asynchronous When a system is using the Echo function with either Asynchronous
or Demand mode, BFD Echo packets MAY be transmitted when or Demand mode, BFD Echo packets MAY be transmitted when
bfd.SessionState is Up, and the interval between transmitted BFD bfd.SessionState is Up, and the interval between transmitted BFD
Echo packets MUST NOT be less than the value advertised by the Echo packets MUST NOT be less than the value advertised by the
remote system in Required Min Echo RX Interval, except as follows: remote system in Required Min Echo RX Interval...
A 25% jitter MAY be applied to the rate of transmission, such
that the actual interval MAY be between 75% and 100% of the
advertised value. A single BFD Echo packet MAY be transmitted
between normally scheduled Echo transmission intervals.
3. Unaffiliated BFD Echo Procedures 3. Unaffiliated BFD Echo Procedures
As shown in Figure 1, device A supports BFD, whereas device B does As shown in Figure 1, device A supports BFD, whereas device B does
not support BFD. To rapidly detect any IP forwarding faults between not support BFD. Device A would send BFD Echo packets, and after
device A and device B, a BFD Echo session MUST be created at device receiving the BFD Echo packets sent from device A, the one-hop-away
A, and the BFD Echo session is RECOMMENDED to follow the BFD state BFD peer device B immediately loops them back by normal IP
machine defined in Section 6.2 of [RFC5880], except that the received forwarding, this allows device A to rapidly detect a connectivity
state is not sent but echoed from the remote system. In this case, loss to device B. Note that device B would not intercept any
although BFD Echo packets are transmitted with destination UDP port received BFD Echo packet or parse any BFD protocol field within the
3785 as defined in [RFC5881], the BFD Echo packets sent by device A BFD Echo packet.
are BFD Control packets too, the looped BFD Echo packets back from
device B would drive BFD state change at device A, substituting the To rapidly detect any IP forwarding faults between device A and
BFD Control packets sent from the BFD peer. device B, a BFD Echo session MUST be created at device A, and the BFD
Echo session is RECOMMENDED to follow the BFD state machine defined
in Section 6.2 of [RFC5880], except that the received state is not
sent but echoed from the remote system, and AdminDown state is ruled
out because AdminDown effectively means removal of BFD Echo session.
In this case, although BFD Echo packets are transmitted with
destination UDP port 3785 as defined in [RFC5881], the BFD Echo
packets sent by device A are BFD Control packets too, the looped BFD
Echo packets back from device B would drive BFD state change at
device A, substituting the BFD Control packets sent from the BFD
peer. Also note that when device A receives looped BFD Control
packets, the validation procedures of [RFC5880] are used.
Once a BFD Echo session is created at device A, it starts sending BFD Once a BFD Echo session is created at device A, it starts sending BFD
Echo packets, which SHOULD include a BFD Echo session demultiplexing Echo packets, which SHOULD include a BFD Echo session demultiplexing
field, such as BFD Your Discriminator defined in [RFC5880] (BFD My field, such as BFD "Your Discriminator" defined in [RFC5880] (BFD "My
Discriminator can be set to 0 to avoid confusion), except that device Discriminator" can be set to 0 to avoid confusion), except that
A can use IP source address or UDP source port to demultiplex BFD device A can use IP source address or UDP source port to demultiplex
Echo session, or there is only one BFD Echo session running at device BFD Echo session, or there is only one BFD Echo session running at
A. Device A would send BFD Echo packets with IP destination address device A. Device A would send BFD Echo packets with IP destination
destined for itself, such as the IP address of interface 1 of device address destined for itself, such as the IP address of interface 1 of
A. All BFD Echo packets for the session MUST be sent with a Time to device A. All BFD Echo packets for the session MUST be sent with a
Live (TTL) or Hop Limit value of 255. Time to Live (TTL) or Hop Limit value of 255.
Considering the BFD peer wouldn't advertise Required Min Echo RX "Desired Min TX Interval" and "Required Min RX Interval" defined in
Interval as defined in [RFC5880], the transmit interval for sending [RFC5880] may be populated with one second within the BFD Echo
BFD Echo packets MUST be provisioned at device A, how to make sure packet, which however has no real application and would be ignored by
the BFD peer is willing and able to loop back BFD Echo packets sent the receiver.
with the provisioned transmit interval is outside the scope of this
document. Considering the BFD peer wouldn't advertise Detect Mult as
defined in [RFC5880], the Detect Mult for calculating the Detection
Time MUST be provisioned at device A, the Detection Time in device A
is equal to the provisioned Detect Mult multiplied by the provisioned
transmit interval.
After receiving the BFD Echo packets sent from device A, the one-hop- Considering the BFD peer wouldn't advertise "Required Min Echo RX
away BFD peer device B immediately loops them back by normal IP Interval" as defined in [RFC5880], the transmission interval for
forwarding, this allows device A to rapidly detect a connectivity sending BFD Echo packets MUST be provisioned at device A, how to make
loss to device B. sure the BFD peer is willing and able to loop back BFD Echo packets
sent with the provisioned transmission interval is outside the scope
of this document. Similar to what's specified in [RFC5880], the BFD
Echo session begins with the periodic, slow transmission of BFD Echo
packets, the slow transmission rate SHOULD be no less then one second
per packet, until the session is Up, after that the provisioned
transmission interval is applied, and reverting back to the slow rate
once the session goes Down. Considering the BFD peer wouldn't
advertise "Detect Mult" as defined in [RFC5880], the "Detect Mult"
for calculating the Detection Time MUST be provisioned at device A,
the Detection Time in device A is equal to the provisioned "Detect
Mult" multiplied by the provisioned transmission interval.
Device A Device B Device A Device B
BFD Echo session
BFD Enabled BFD Echo packets loopback
+--------+ +---------+
| A |---------------------------------| B |
| |Inf 1 Inf 1| |
+--------+10.1.1.1/24 10.1.1.2/24+---------+
BFD is supported. BFD is not supported.
Figure 1: Unaffiliated BFD Echo deployment scenario BFD Enabled BFD Echo packets loopback
+--------+ BFD Echo session +---------+
| A |--------------------------------| B |
| |Inf 1 Inf 1| |
+--------+10.1.1.1/24 10.1.1.2/24+---------+
BFD is supported. BFD is not supported.
4. Unaffilicated BFD Echo Applicability Figure 1: Unaffiliated BFD Echo diagram
With the more and more application of BFD detection, there are some 4. Unaffiliated BFD Echo Applicability
scenarios the BFD Echo function is deployed. And due to the
different capabilities of the devices deploying BFD Echo function,
it's required to apply Unaffiliated BFD Echo to the devices that
couldn't afford the overhead of the full BFD protocol capability,
such as the servers running virtual machines or some Internet of
Things (IoT) devices. Unaffiliated BFD Echo can be used when two
devices are connected and only one of them supports BFD protocol
capability.
Unaffiliated BFD Echo function is reasonable and useful. Firstly, Some devices that would benefit from the use of BFD may be unable to
Unaffiliated BFD Echo can use BFD protocol capability at the local support the full BFD protocol. Examples of such devices include
BFD-supported device, while using IP forwarding capability at the servers running virtual machines, or Internet of Things (IoT)
peer BFD-unsupported device, so Unaffiliated BFD Echo can support devices. The Unaffiliated BFD Echo function can be used when two
fast detecting and manage BFD sessions very effectively. Secondly, devices are connected and only one of them supports the BFD protocol,
it is scalable when using Unaffiliated BFD Echo to adapt to different and the other is capable of looping BFD Echo packets.
capabilities of devices.
5. Security Considerations 5. Security Considerations
Unicast Reverse Path Forwarding (uRPF), as specified in [RFC3704] and All Security Considerations from [RFC5880] and [RFC5881] apply.
[RFC8704], is a security feature that prevents the IP address
spoofing attacks which is commonly used in DoS, DDoS. uRPF has two Note that the Unaffiliated BFD Echo function prevents the use of
modes called strict mode and loose mode. uRPF strict mode means that Unicast Reverse Path Forwarding (URPF) [RFC3704] [RFC8704] in strict
the router will perform checks for all incoming packets on a certain mode.
interface: whether the router has a matching entry for the source IP
in the routing table and whether the router uses the same interface As specified in Section 5 of [RFC5880], since BFD Echo packets may be
to reach this source IP as where the router received this packet on. spoofed, some form of authentication SHOULD be included. Considering
Note that the use of BFD Echo function would prevent the use of uRPF the BFD Echo packets in this document are also BFD Control packets,
in strict mode. the "Authentication Section" as defined in [RFC5880] for BFD Control
packet is RECOMMENDED to be included within the BFD Echo packet.
In order to mitigate the potential reflector attack by the remote
attackers, or infinite loop of the BFD Echo packets, it's RECOMMENDED
to put two requirements on the device looping BFD Echo packets, the
first one is that a packet SHOULD NOT be looped unless it has a TTL
or Hop Limit value of 255, and the second one is that a packet being
looped MUST NOT reset the TTL or Hop Limit value to 255, and MUST use
a TTL or Hop Limit value of 254.
6. IANA Considerations 6. IANA Considerations
This document has no IANA action requested. This document has no IANA action requested.
7. Acknowledgements 7. Acknowledgements
The authors would like to acknowledge Ketan Talaulikar, Greg Mirsky The authors would like to acknowledge Ketan Talaulikar, Greg Mirsky
and Santosh Pallagatti for their careful review and very helpful and Santosh Pallagatti for their careful review and very helpful
comments. comments.
The authors would like to acknowledge Jeff Haas for his insightful
review and very helpful comments.
8. Contributors 8. Contributors
Liu Aihua Liu Aihua
ZTE ZTE
Email: liu.aihua@zte.com.cn Email: liu.aihua@zte.com.cn
Qian Xin Qian Xin
ZTE ZTE
Email: qian.xin2@zte.com.cn Email: qian.xin2@zte.com.cn
Zhao Yanhua Zhao Yanhua
ZTE ZTE
Email: zhao.yanhua3@zte.com.cn Email: zhao.yanhua3@zte.com.cn
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>. <https://www.rfc-editor.org/info/rfc5880>.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881,
DOI 10.17487/RFC5881, June 2010, DOI 10.17487/RFC5881, June 2010,
<https://www.rfc-editor.org/info/rfc5881>. <https://www.rfc-editor.org/info/rfc5881>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 9.2. Informative References
[BBF-TR-146] [BBF-TR-146]
Broadband Forum, "BBF Technical Report - Subscriber Broadband Forum, "BBF Technical Report - Subscriber
Sessions Issue 1", 2013, <https://www.broadband- Sessions Issue 1", 2013, <https://www.broadband-
forum.org/technical/download/TR-146.pdf>. forum.org/technical/download/TR-146.pdf>.
[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed [RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed
Networks", BCP 84, RFC 3704, DOI 10.17487/RFC3704, March Networks", BCP 84, RFC 3704, DOI 10.17487/RFC3704, March
2004, <https://www.rfc-editor.org/info/rfc3704>. 2004, <https://www.rfc-editor.org/info/rfc3704>.
skipping to change at page 9, line 31 skipping to change at page 10, line 15
[RFC8704] Sriram, K., Montgomery, D., and J. Haas, "Enhanced [RFC8704] Sriram, K., Montgomery, D., and J. Haas, "Enhanced
Feasible-Path Unicast Reverse Path Forwarding", BCP 84, Feasible-Path Unicast Reverse Path Forwarding", BCP 84,
RFC 8704, DOI 10.17487/RFC8704, February 2020, RFC 8704, DOI 10.17487/RFC8704, February 2020,
<https://www.rfc-editor.org/info/rfc8704>. <https://www.rfc-editor.org/info/rfc8704>.
Authors' Addresses Authors' Addresses
Weiqiang Cheng Weiqiang Cheng
China Mobile China Mobile
Beijing Beijing
CN China
Email: chengweiqiang@chinamobile.com Email: chengweiqiang@chinamobile.com
Ruixue Wang Ruixue Wang
China Mobile China Mobile
Beijing Beijing
CN China
Email: wangruixue@chinamobile.com Email: wangruixue@chinamobile.com
Xiao Min Xiao Min
ZTE Corp. ZTE Corp.
Nanjing Nanjing
CN China
Email: xiao.min2@zte.com.cn Email: xiao.min2@zte.com.cn
Reshad Rahman Reshad Rahman
Cisco Systems Individual
Kanata Kanata
CA Canada
Email: rrahman@cisco.com Email: reshad@yahoo.com
Raj Chetan Boddireddy Raj Chetan Boddireddy
Juniper Networks Juniper Networks
Email: rchetan@juniper.net Email: rchetan@juniper.net
 End of changes. 64 change blocks. 
169 lines changed or deleted 199 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/